diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 5bf5f169e47a9..c333510a63f05 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, fetchurl, fetchpatch, python, zlib, pkg-config, glib , perl, pixman, vde2, alsa-lib, texinfo, flex -, bison, lzo, snappy, libaio, gnutls, nettle, curl, ninja, meson +, bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool , makeWrapper, autoPatchelfHook , attr, libcap, libcap_ng , CoreServices, Cocoa, Hypervisor, rez, setfile @@ -43,19 +43,20 @@ stdenv.mkDerivation rec { + lib.optionalString xenSupport "-xen" + lib.optionalString hostCpuOnly "-host-cpu-only" + lib.optionalString nixosTestRunner "-for-vm-tests"; - version = "6.0.0"; + version = "6.1.0"; src = fetchurl { url= "https://download.qemu.org/qemu-${version}.tar.xz"; - sha256 = "1f9hz8rf12jm8baa7kda34yl4hyl0xh0c4ap03krfjx23i3img47"; + sha256 = "15iw7982g6vc4jy1l9kk1z9sl5bm1bdbwr74y7nvwjs1nffhig7f"; }; - nativeBuildInputs = [ makeWrapper python python.pkgs.sphinx pkg-config flex bison meson ninja ] + nativeBuildInputs = [ python python.pkgs.sphinx python.pkgs.sphinx_rtd_theme pkg-config flex bison meson ninja ] ++ lib.optionals gtkSupport [ wrapGAppsHook ] - ++ lib.optionals stdenv.isLinux [ autoPatchelfHook ]; + ++ lib.optionals stdenv.isLinux [ autoPatchelfHook ] + ++ lib.optionals stdenv.isDarwin [ sigtool ]; buildInputs = [ zlib glib perl pixman - vde2 texinfo lzo snappy + vde2 texinfo lzo snappy libtasn1 gnutls nettle curl ] ++ lib.optionals ncursesSupport [ ncurses ] @@ -85,22 +86,14 @@ stdenv.mkDerivation rec { patches = [ ./fix-qemu-ga.patch ./9p-ignore-noatime.patch + # Cocoa clipboard support only works on macOS 10.14+ (fetchpatch { - name = "CVE-2021-3545.patch"; - url = "https://gitlab.com/qemu-project/qemu/-/commit/121841b25d72d13f8cad554363138c360f1250ea.patch"; - sha256 = "13dgfd8dmxcalh2nvb68iv0kyv4xxrvpdqdxf1h3bjr4451glag1"; - }) - (fetchpatch { - name = "CVE-2021-3546.patch"; - url = "https://gitlab.com/qemu-project/qemu/-/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2.patch"; - sha256 = "1vkhm9vl671y4cra60b6704339qk1h5dyyb3dfvmvpsvfyh2pm7n"; + url = "https://gitlab.com/qemu-project/qemu/-/commit/7e3e20d89129614f4a7b2451fe321cc6ccca3b76.diff"; + sha256 = "09xz06g57wxbacic617pq9c0qb7nly42gif0raplldn5lw964xl2"; + revert = true; }) ] ++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch ++ lib.optionals stdenv.hostPlatform.isMusl [ - (fetchpatch { - url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch"; - sha256 = "1xfdjs1jlvs99hpf670yianb8c3qz2ars8syzyz8f2c2cp5y4bxb"; - }) (fetchpatch { url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/musl-F_SHLCK-and-F_EXLCK.patch"; sha256 = "1gm67v41gw6apzgz7jr3zv9z80wvkv0jaxd2w4d16hmipa8bhs0k"; @@ -117,13 +110,6 @@ stdenv.mkDerivation rec { sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \ qga/meson.build - # TODO: On aarch64-darwin, we automatically codesign everything, but qemu - # needs specific entitlements and does its own signing. This codesign - # command fails, but we have no fix at the moment, so this disables it. - # This means `-accel hvf` is broken for now, on aarch64-darwin only. - substituteInPlace meson.build \ - --replace 'if exe_sign' 'if false' - # glibc 2.33 compat fix: if `has_statx = true` is set, `tools/virtiofsd/passthrough_ll.c` will # rely on `stx_mnt_id`[1] which is not part of glibc's `statx`-struct definition. # diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8dc47710afec2..ccf37435c07ac 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26941,6 +26941,7 @@ with pkgs; qemu = callPackage ../applications/virtualization/qemu { inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor; inherit (darwin.stubs) rez setfile; + inherit (darwin) sigtool; python = python3; };